Here is a short story: I started feeling imposter syndrome once I was getting more comfortable at the help desk I started my IT career at. Having moved past the initial panic state of my early days at my first IT job ever, I started to ask myself questions like “Am I getting good at IT? Or just good at this job?”. I quickly discovered that I was not the only one where the seed of self-doubt had rooted. Some folks were able to eventually move past that feeling, and continue their development on to different paths past the help desk, however, a small number of people did seem to struggle to even feel entitled to not knowing everything or not becoming an immediate SME on all the different technologies and tools we were exposed to.
Joining a young SOC team that lacked of serious mentorship at the time only increased the weight of imposter syndrome bearing down on me. As great of an opportunity as it was, self doubt and lack of direction did not do my early development in the infosec field any favors. It felt as if I had to constantly be doing something related to infosec and cybersecurity at all times, far beyond the time spent on the clock, to even come close to being relatively good at what I do. I also had a constant feeling that, no matter how much I knew, I knew 0.01% of what I needed to know to be effective at my job, or even compared to those around me.
I recently came across this article, which provided me with perspective I needed. While the article does not completely alleviate the imposter feeling, it does highlight the reality we all tend to forget at times: No one knows everything. The article cited many reasons as to why imposter syndrome is so common in our industry; we are in a highly competitive and rapidly moving industry, the nature of an attack-defense type of role, and, more interestingly, the cynical and critical nature of cybersecurity professionals that learn to earn a living analyzing everything around them. To that, I would add the fact that this is still a young industry, where standards in many areas are not set or widely adopted, and where, often, the key decision-makers at any setting do not have extensive cybersecurity backgrounds (CTOs, CFOs, CEOs, etc.), which can only add on to the imposter syndrome and subsequent risk of burnout due to lack of overall direction or “sense”.
While I will likely write later on what has helped me defeat the imposter syndrome at times, I need to make it clear that the Flaksec project is yet another initiative to fight it. For most of us in this project, it will be quite a challenge to get over the fear of sharing insight with the rest of the world.
So, “What is Flaksec?” you may ask. Flaksec is a collaborative project that was ideated back in December 2020. With it, we, a group of infosec professionals, wanted to have a space where to share news, experiences, opinions and perspectives. We are not a group of consultants, nor a vendor, nor some type of startup. We are also not trying to lecture, nor claim to be in possession of the one and only truth. While some may think that automatically disqualifies us from having a platform, we see value on this type of unapologetic insight (which we have often seeked ourselves elsewhere) and think and hope that, maybe, it could provide valuable impact in the overly competitive field of infosec, where nobody really wants to admit they do not know everything.
We hope you find the time you spend reading/watching/listening to the content we may create in the near future to be useful to you, and always feel free to start a conversation with us, since that is one of the main reasons of starting this all.
Follow flaksec on Twitter: Link
Follow flaksec on Github: Link
Thanks for your post! I look forward to reading more from you.